High severity · NVD Advisory · Published Apr 11, 2014 · Updated May 6, 2026
CVE-2014-2741
Description
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.igniterealtime.openfire:parent (Maven) | < 3.9.2 | 3.9.2 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (11)
- github.com/advisories/GHSA-j5qh-cp3p-2h87 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-2741 (ghsa, ADVISORY)
- community.igniterealtime.org/thread/52317 (nvd, WEB)
- openwall.com/lists/oss-security/2014/04/07/7 (nvd, WEB)
- openwall.com/lists/oss-security/2014/04/09/1 (nvd, WEB)
- www.kb.cert.org/vuls/id/495476 (nvd, US Government Resource, WEB)
- github.com/igniterealtime/Openfire/commit/3aec383e07ee893b77396fe946766bbd3758af77 (ghsa, WEB)
- web.archive.org/web/20140407092132/http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas (ghsa, WEB)
- web.archive.org/web/20140705161237/http://fisheye.igniterealtime.org/changelog/openfiregit (ghsa, WEB)
- fisheye.igniterealtime.org/changelog/openfiregit (nvd)
- xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/ (nvd)